Full Disclosure mailing list archives

Re: Abusing Windows 7 Recovery Process


From: Cool Hand Luke <coolhandluke () coolhandluke org>
Date: Sat, 29 Jun 2013 20:51:32 +0000


On 06/29, Grandma Eubanks wrote:
> However, I think this is still interesting. It's been a while since I've
> played with Windows boxes and won't have access to one for a couple days,
> but isn't this triggering off of vendor supplied recovery partitions? This
> is a regular Windows 7 sole partition box you tried this one?

from a first look, i don't think a vendor-supplied recovery partition is
necessary. it appears that it would also be possible if the "system
restore" setting was enabled (but don't quote me on that).

i'm not sure how likely that is in your average large, corporate
environment. the ones i've seen have system restore disabled and opt to
reimage systems instead when issues occur. i'm sure there are some
environments where this could be useful, however.

-chl

--
cool hand luke


